Skip to content

docs(governance): clarify network vs filesystem policy enforcement timing#25488

Open
dvdksn wants to merge 1 commit into
docker:mainfrom
dvdksn:worktree-synchronous-booping-book
Open

docs(governance): clarify network vs filesystem policy enforcement timing#25488
dvdksn wants to merge 1 commit into
docker:mainfrom
dvdksn:worktree-synchronous-booping-book

Conversation

@dvdksn

@dvdksn dvdksn commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

The "Policy changes not taking effect" troubleshooting section only described
network policy propagation. Expanded it to explain that filesystem policy is
evaluated only at mount time (sandbox creation), so a policy change does not
affect already-running sandboxes — users must remove and recreate the sandbox
for a filesystem policy change to take effect. Network policy, by contrast, is
evaluated on every request and updates within the propagation window.

Generated by Claude Code

@netlify

netlify Bot commented Jul 3, 2026

Copy link
Copy Markdown

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit 8dcf5b2
🔍 Latest deploy log https://app.netlify.com/projects/docsdocker/deploys/6a4803e39f68ca0008e9499b
😎 Deploy Preview https://deploy-preview-25488--docsdocker.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@dvdksn dvdksn added the status/review Pull requests that are ready for review label Jul 3, 2026
@dvdksn dvdksn requested a review from a team July 3, 2026 07:59
@dvdksn dvdksn force-pushed the worktree-synchronous-booping-book branch from 24e9ca9 to f8d31e9 Compare July 3, 2026 08:01

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟡 NEEDS ATTENTION

Comment thread content/manuals/ai/sandboxes/governance/org.md Outdated
Comment thread content/manuals/ai/sandboxes/governance/org.md Outdated

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟡 NEEDS ATTENTION

Comment thread content/manuals/ai/sandboxes/governance/org.md Outdated
Comment thread content/manuals/ai/sandboxes/governance/org.md Outdated
…ming

Expand the "Policy changes not taking effect" troubleshooting section to
explain that filesystem policy is only evaluated at mount time (sandbox
creation), so changing it does not affect running sandboxes. Network
policy, by contrast, is evaluated on every request.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@dvdksn dvdksn force-pushed the worktree-synchronous-booping-book branch from f8d31e9 to 8dcf5b2 Compare July 3, 2026 18:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/ai status/review Pull requests that are ready for review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants